ci: login to Docker Hub prior to build&push #3

	name: Release

	on:
	push:
	tags:
	- "v*"

	permissions:
	contents: read

	jobs:
	goreleaser:
	outputs:
	hashes: ${{ steps.hash.outputs.hashes }}
	permissions:
	contents: write # for goreleaser/goreleaser-action to create a GitHub release
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
	with:
	fetch-depth: 0

	- name: Set up Go
	uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
	with:
	go-version-file: 'go.mod'

	- name: Install Syft
	uses: anchore/sbom-action/download-syft@ab5d7b5f48981941c4c5d6bf33aeb98fe3bae38c # v0.15.10

	- name: Login to Docker Hub
	uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_TOKEN }}

	- name: Run GoReleaser
	id: run-goreleaser
	uses: goreleaser/goreleaser-action@7ec5c2b0c6cdda6e8bbb49444bc797dd33d74dd8 # v5.0.0
	with:
	version: latest
	args: release --clean
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	VERSION_LDFLAGS: ${{ steps.ldflags.outputs.version }}

	provenance:
	needs: [goreleaser]
	permissions:
	actions: read # To read the workflow path.
	id-token: write # To sign the provenance.
	contents: write # To add assets to a release.
	uses: slsa-framework/slsa-github-generator/.github/workflows/[email protected] # not pinned to avoid breaking it, use it to target refs/tags/vX.Y.Z
	with:
	base64-subjects: "${{ needs.goreleaser.outputs.hashes }}"
	upload-assets: true # upload to a new release

Provide feedback